Group-IB Threat Intelligence Report 2012–2013 H1, a must read

Group-IB Threat Intelligence Report 2012–2013 H1 is an excellent analysis of the state and dynamics of today’s market of computer crimes and cyber threats.

Group-IB has recently issued an interesting report titled “Group-IB Threat Intelligence Report 2012 – 2013 H1” on the state and dynamics of today’s market of computer crimes and current cyber threats for the year 2012 and first quarter of 2013. Group-IB is one of the leading international companies that specialize in preventing and investigating high-tech cyber crimes and fraud.

The security firm conducted the investigations with the support of experts from the computer incident response center CERT-GIB. The document examines current information security threats, looks at trends in the cybercrime ecosystem, and provides forecasts for the near future (2014-2015).

The Group-IB Threat Intelligence Report starts with an impressive numerical estimation of various cybercrime segments where Russian-speaking criminal groups are actively present.

According to Group-IB, there was an average of 44 thefts carried out from online banking systems in 2012.

“The Bank of Russia reports that 7870 incidents were recorded in banks in the second half of 2012 alone. Of these incidents, 43.1% were related to illegal transfer of funds via Internet banking. Having said that, the Bank of Russia claims that an average of 28 thefts are committed daily,” states the Group-IB Threat Intelligence Report.

The overall cybercrime market shrank by 6% in 2012, although its composition is in continuous movement. The reduction was mainly caused by a drop in online bank theft due to:

Successful operations aimed at dismantling criminal groups

Deployment of antifraud solutions by banks

Information sharing

The emergence of new criminal groups was not able to cause significant growth in this market.

The investigation revealed that the average amount stolen from the bank account of a legal entity in 2012 was 2.5 million rubles, and it is a conservative estimate because the real figure is nearly 1.64 million rubles ($54,700).

During 2012, Group-IB systems recorded a daily average of 150 DDoS attacks in Russia. Analyzing the principal hacking forum that offers attacks as a service, the researchers estimated that the average price of a DDoS attack is $100 per day.

The Russian underground is also very popular for the rental and sale of exploit packs, an activity that earns $51.84 million for the cybercrime market.

The Group-IB Threat Intelligence Report contains an entire section on attacks against financial institutions. The experts remarked that the principal problems in banking are a very low level of security and the habit of hiding incidents in which systems have been compromised or data has leaked.

The analysis of web application vulnerabilities, based on data Group-IB obtained while providing information security audit and penetration testing services in 2012, revealed that no critical direct web application vulnerabilities were found in 28% of the sites investigated, but in 47% of the cases access to the application data was gained by exploiting flaws in third-party software.

The availability on the underground market of the source code of malware such as Carberp, and of ready-to-use web inject packs that can be used against hundreds of European, US and Russian banks, exposes financial institutions to serious risks if they do not implement proper countermeasures. The Group-IB Threat Intelligence Report is full of examples of code used in the attacks, a mine of information for specialists and enthusiasts.

The study also documents other emerging activities in the criminal landscape, such as hackers’ interest in trading systems and impairment of POS terminals.

The document also includes two dedicated sections describing the activities in dismantling criminal groups and developing laws on combating computer crimes. I found this aspect very intriguing and useful to better understand how research conducted by security firms is used for real crime prosecution and what the limits of the current legal framework for cybercrime are.

The Group-IB Threat Intelligence Report is one of the best documents I have seen, due to the information provided and the organization of the topics. It is a read not to be missed!


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
